github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/reissueoperator_test.go

github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/reissueoperator_test.go (about)

     1  /*
     2   * Copyright 2020 The NATS Authors
     3   * Licensed under the Apache License, Version 2.0 (the "License");
     4   * you may not use this file except in compliance with the License.
     5   * You may obtain a copy of the License at
     6   *
     7   * http://www.apache.org/licenses/LICENSE-2.0
     8   *
     9   * Unless required by applicable law or agreed to in writing, software
    10   * distributed under the License is distributed on an "AS IS" BASIS,
    11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12   * See the License for the specific language governing permissions and
    13   * limitations under the License.
    14   */
    15  
    16  package cmd
    17  
    18  import (
    19  	"testing"
    20  
    21  	"github.com/stretchr/testify/require"
    22  )
    23  
    24  func Test_ReIssue(t *testing.T) {
    25  	ts := NewTestStore(t, "O")
    26  	defer ts.Done(t)
    27  	op1, err := ts.Store.ReadOperatorClaim()
    28  	require.NoError(t, err)
    29  	_, _, err = ExecuteCmd(createReIssueOperatorCmd())
    30  	require.NoError(t, err)
    31  	op2, err := ts.Store.ReadOperatorClaim()
    32  	require.NoError(t, err)
    33  	require.NotEqual(t, op1.Subject, op2.Subject)
    34  	require.Len(t, op1.SigningKeys, 0)
    35  	// add testing account
    36  	ts.AddAccount(t, "A")
    37  
    38  	_, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key")
    39  	require.NoError(t, err)
    40  	op3, err := ts.Store.ReadOperatorClaim()
    41  	require.NoError(t, err)
    42  	require.NotEqual(t, op2.Subject, op3.Subject)
    43  	require.Len(t, op3.SigningKeys, 1)
    44  	require.True(t, op3.SigningKeys.Contains(op2.Subject))
    45  
    46  	ac, err := ts.Store.ReadAccountClaim("A")
    47  	require.NoError(t, err)
    48  	require.True(t, op3.DidSign(ac))
    49  
    50  	_, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--name", "O")
    51  	require.NoError(t, err)
    52  	op4, err := ts.Store.ReadOperatorClaim()
    53  	require.NoError(t, err)
    54  	require.NotEqual(t, op3.Subject, op4.Subject)
    55  	require.Len(t, op4.SigningKeys, 1)
    56  	require.True(t, op4.SigningKeys.Contains(op2.Subject))
    57  
    58  	ac, err = ts.Store.ReadAccountClaim("A")
    59  	require.NoError(t, err)
    60  	require.True(t, op4.DidSign(ac))
    61  }
    62  
    63  func Test_ReIssueStrict(t *testing.T) {
    64  	ts := NewTestStore(t, "O")
    65  	defer ts.Done(t)
    66  	op1, err := ts.Store.ReadOperatorClaim()
    67  	require.NoError(t, err)
    68  
    69  	// add testing account
    70  	ts.AddAccount(t, "A")
    71  
    72  	_, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key")
    73  	require.NoError(t, err)
    74  	op3, err := ts.Store.ReadOperatorClaim()
    75  	require.NoError(t, err)
    76  	require.NotEqual(t, op1.Subject, op3.Subject)
    77  	require.Len(t, op3.SigningKeys, 1)
    78  	require.True(t, op3.SigningKeys.Contains(op1.Subject))
    79  	ac, err := ts.Store.ReadAccountClaim("A")
    80  	require.NoError(t, err)
    81  	require.True(t, op3.DidSign(ac))
    82  
    83  	_, _, err = ExecuteCmd(createEditOperatorCmd(), "--require-signing-keys")
    84  	require.NoError(t, err)
    85  	_, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key")
    86  	require.NoError(t, err)
    87  }